CLI Flags Reference¶
Every flag for every command, with types, defaults, and examples.
Global¶
No global flags.
audit¶
| Flag | Short | Type | Default | Description |
|---|---|---|---|---|
CONTRACT_PATH |
— | Path (required) | — | Path to the .sol contract file |
--mode |
-m |
Choice: detect, patch, exploit, all |
all |
How far to run the pipeline |
--output |
-o |
Path | None |
Save JSON results to file |
--max-patches |
— | Integer | 2 |
Max vulnerabilities to patch (highest-severity first). Use -1 for all |
--attest |
— | Flag | False |
Attest results on-chain (EAS Sepolia) after completion |
--contract-address |
— | String | None |
Contract address for on-chain attestation (required with --attest) |
--resume |
— | Flag | False |
Resume from last checkpoint |
Examples:
# Full audit with defaults (patch top 2, no attestation)
python3 -m src.main audit data/contracts/VulnerableBank.sol
# Detection only
python3 -m src.main audit data/contracts/VulnerableBank.sol --mode detect
# Patch all vulnerabilities
python3 -m src.main audit data/contracts/VulnerableBank.sol --max-patches -1
# Audit + attestation
python3 -m src.main audit data/contracts/VulnerableBank.sol --attest --contract-address 0x1234...
# Save results
python3 -m src.main audit data/contracts/VulnerableBank.sol -o report.json
# Resume interrupted audit
python3 -m src.main audit data/contracts/VulnerableBank.sol --resume
detect¶
| Flag | Short | Type | Default | Description |
|---|---|---|---|---|
CONTRACT_PATH |
— | Path (required) | — | Path to the .sol contract file |
--multi-expert |
-me |
Flag | False |
Use multi-expert analysis (3 parallel LLM experts) |
--strategy |
-s |
Choice: ba, ta, all |
all |
Detection strategy (LLM-SmartAudit §3.2) |
Strategy values:
| Value | Description |
|---|---|
ba |
Broad Analysis — general vulnerability scan using ReAct prompting |
ta |
Targeted Analysis — checks specific vulnerability types in parallel |
all |
Both BA and TA (default) |
Examples:
# Standard detection
python3 -m src.main detect data/contracts/VulnerableBank.sol
# Multi-expert mode
python3 -m src.main detect data/contracts/VulnerableBank.sol --multi-expert
# Targeted only
python3 -m src.main detect data/contracts/VulnerableBank.sol --strategy ta
# Broad only
python3 -m src.main detect data/contracts/VulnerableBank.sol --strategy ba
patch¶
| Argument | Type | Description |
|---|---|---|
CONTRACT_PATH |
Path (required) | Path to the .sol contract file |
VULNERABILITY_ID |
String (required) | ID from detect output (e.g., slither-0, mimo-1) |
Example:
exploit¶
| Argument | Type | Description |
|---|---|---|
CONTRACT_ADDRESS |
String (required) | On-chain contract address |
EXPLOIT_CODE_PATH |
Path (required) | Path to Foundry exploit test file |
Example:
attest¶
| Argument | Type | Description |
|---|---|---|
CONTRACT_ADDRESS |
String (required) | Contract address for the attestation |
--contract-path |
Path | Path to contract source (auto-detects from audit history if omitted) |
Examples:
# Standalone (score=10, no vulns)
python3 -m src.main attest 0xYourContract
# With contract source (runs detect first)
python3 -m src.main attest 0xYourContract --contract-path data/contracts/VulnerableBank.sol
serve¶
No flags. Starts the MCP server over stdio.
evaluate¶
No flags. Runs evaluation on test cases in data/vulnerabilities/.
See Also¶
- CLI Reference — command descriptions and workflows
- Configuration Reference —
.envandsettings.yaml - Quickstart — common usage patterns